diff options
Diffstat (limited to 'src/vnet')
-rw-r--r-- | src/vnet/ip/ip_frag.c | 185 | ||||
-rw-r--r-- | src/vnet/ipip/ipip.h | 11 | ||||
-rw-r--r-- | src/vnet/ipip/node.c | 8 |
3 files changed, 120 insertions, 84 deletions
diff --git a/src/vnet/ip/ip_frag.c b/src/vnet/ip/ip_frag.c index 8d495af63ed..667a92bbfa5 100644 --- a/src/vnet/ip/ip_frag.c +++ b/src/vnet/ip/ip_frag.c @@ -46,33 +46,41 @@ format_ip_frag_trace (u8 * s, va_list * args) static u32 running_fragment_id; +/* + * Limitation: Does follow buffer chains in the packet to fragment, + * but does not generate buffer chains. I.e. a fragment is always + * contained with in a single buffer and limited to the max buffer + * size. + */ void -ip4_frag_do_fragment (vlib_main_t * vm, u32 pi, u32 ** buffer, +ip4_frag_do_fragment (vlib_main_t * vm, u32 from_bi, u32 ** buffer, ip_frag_error_t * error) { - vlib_buffer_t *p; + vlib_buffer_t *from_b; ip4_header_t *ip4; - u16 mtu, ptr, len, max, rem, offset, ip_frag_id, ip_frag_offset; - u8 *packet, more; - - vec_add1 (*buffer, pi); - p = vlib_get_buffer (vm, pi); - offset = vnet_buffer (p)->ip_frag.header_offset; - mtu = vnet_buffer (p)->ip_frag.mtu; - packet = (u8 *) vlib_buffer_get_current (p); - ip4 = (ip4_header_t *) (packet + offset); - - rem = clib_net_to_host_u16 (ip4->length) - sizeof (*ip4); - ptr = 0; - max = (mtu - sizeof (*ip4) - vnet_buffer (p)->ip_frag.header_offset) & ~0x7; - - if (rem > (p->current_length - offset - sizeof (*ip4))) + u16 mtu, len, max, rem, offset, ip_frag_id, ip_frag_offset; + u8 *org_from_packet, more; + + from_b = vlib_get_buffer (vm, from_bi); + offset = vnet_buffer (from_b)->ip_frag.header_offset; + mtu = vnet_buffer (from_b)->ip_frag.mtu; + org_from_packet = vlib_buffer_get_current (from_b); + ip4 = (ip4_header_t *) vlib_buffer_get_current (from_b) + offset; + + rem = clib_net_to_host_u16 (ip4->length) - sizeof (ip4_header_t); + max = + (mtu - sizeof (ip4_header_t) - + vnet_buffer (from_b)->ip_frag.header_offset) & ~0x7; + + if (rem > + (vlib_buffer_length_in_chain (vm, from_b) - offset - + sizeof (ip4_header_t))) { *error = IP_FRAG_ERROR_MALFORMED; return; } - if (mtu < sizeof (*ip4)) + if (mtu < sizeof (ip4_header_t)) { *error = IP_FRAG_ERROR_CANT_FRAGMENT_HEADER; return; @@ -85,12 +93,6 @@ ip4_frag_do_fragment (vlib_main_t * vm, u32 pi, u32 ** buffer, return; } - if (p->flags & VLIB_BUFFER_NEXT_PRESENT) - { - *error = IP_FRAG_ERROR_MALFORMED; - return; - } - if (ip4_is_fragment (ip4)) { ip_frag_id = ip4->fragment_id; @@ -106,84 +108,109 @@ ip4_frag_do_fragment (vlib_main_t * vm, u32 pi, u32 ** buffer, more = 0; } - //Do the actual fragmentation + u8 *from_data = (void *) (ip4 + 1); + vlib_buffer_t *org_from_b = from_b; + u16 ptr = 0, fo = 0; + u16 left_in_from_buffer = + from_b->current_length - offset - sizeof (ip4_header_t); + + /* Do the actual fragmentation */ while (rem) { - u32 bi; - vlib_buffer_t *b; - ip4_header_t *fip4; - - len = - (rem > - (mtu - sizeof (*ip4) - - vnet_buffer (p)->ip_frag.header_offset)) ? max : rem; - - if (ptr == 0) + u32 to_bi; + vlib_buffer_t *to_b; + ip4_header_t *to_ip4; + u8 *to_data; + + len = (rem > (mtu - sizeof (ip4_header_t) - offset) ? max : rem); + if (len != rem) /* Last fragment does not need to divisible by 8 */ + len &= ~0x7; + if (!vlib_buffer_alloc (vm, &to_bi, 1)) { - bi = pi; - b = p; - fip4 = (ip4_header_t *) (vlib_buffer_get_current (b) + offset); + *error = IP_FRAG_ERROR_MEMORY; + /* XXX: Free already allocated buffers? */ + return; } - else + vec_add1 (*buffer, to_bi); + to_b = vlib_get_buffer (vm, to_bi); + vnet_buffer (to_b)->sw_if_index[VLIB_RX] = + vnet_buffer (org_from_b)->sw_if_index[VLIB_RX]; + vnet_buffer (to_b)->sw_if_index[VLIB_TX] = + vnet_buffer (org_from_b)->sw_if_index[VLIB_TX]; + /* Copy adj_index in case DPO based node is sending for the + * fragmentation, the packet would be sent back to the proper + * DPO next node and Index + */ + vnet_buffer (to_b)->ip.adj_index[VLIB_RX] = + vnet_buffer (org_from_b)->ip.adj_index[VLIB_RX]; + vnet_buffer (to_b)->ip.adj_index[VLIB_TX] = + vnet_buffer (org_from_b)->ip.adj_index[VLIB_TX]; + + /* Copy offset and ip4 header */ + clib_memcpy (to_b->data, org_from_packet, + offset + sizeof (ip4_header_t)); + to_ip4 = vlib_buffer_get_current (to_b) + offset; + to_data = (void *) (to_ip4 + 1); + + /* Spin through buffer chain copying data */ + // XXX: Make sure we don't overflow source buffer!!! + if (len > left_in_from_buffer) { - if (!vlib_buffer_alloc (vm, &bi, 1)) + clib_memcpy (to_data, from_data + ptr, left_in_from_buffer); + + /* Move buffer */ + if (!(from_b->flags & VLIB_BUFFER_NEXT_PRESENT)) { - *error = IP_FRAG_ERROR_MEMORY; + *error = IP_FRAG_ERROR_MALFORMED; return; } - vec_add1 (*buffer, bi); - b = vlib_get_buffer (vm, bi); - vnet_buffer (b)->sw_if_index[VLIB_RX] = - vnet_buffer (p)->sw_if_index[VLIB_RX]; - vnet_buffer (b)->sw_if_index[VLIB_TX] = - vnet_buffer (p)->sw_if_index[VLIB_TX]; - /* Copy Adj_index in case DPO based node is sending for the fragmentation, - the packet would be sent back to the proper DPO next node and Index */ - vnet_buffer (b)->ip.adj_index[VLIB_RX] = - vnet_buffer (p)->ip.adj_index[VLIB_RX]; - vnet_buffer (b)->ip.adj_index[VLIB_TX] = - vnet_buffer (p)->ip.adj_index[VLIB_TX]; - fip4 = (ip4_header_t *) (vlib_buffer_get_current (b) + offset); - - //Copy offset and ip4 header - clib_memcpy (b->data, packet, offset + sizeof (*ip4)); - //Copy data - clib_memcpy (((u8 *) (fip4)) + sizeof (*fip4), - packet + offset + sizeof (*fip4) + ptr, len); + from_b = vlib_get_buffer (vm, from_b->next_buffer); + from_data = (u8 *) vlib_buffer_get_current (from_b); + clib_memcpy (to_data + left_in_from_buffer, from_data, + len - left_in_from_buffer); + ptr = len - left_in_from_buffer; + left_in_from_buffer = + from_b->current_length - (len - left_in_from_buffer); + } + else + { + clib_memcpy (to_data, from_data + ptr, len); + left_in_from_buffer -= len; + ptr += len; } - b->current_length = offset + len + sizeof (*fip4); + to_b->current_length = offset + len + sizeof (ip4_header_t); - fip4->fragment_id = ip_frag_id; - fip4->flags_and_fragment_offset = - clib_host_to_net_u16 ((ptr >> 3) + ip_frag_offset); - fip4->flags_and_fragment_offset |= + to_ip4->fragment_id = ip_frag_id; + to_ip4->flags_and_fragment_offset = + clib_host_to_net_u16 ((fo >> 3) + ip_frag_offset); + to_ip4->flags_and_fragment_offset |= clib_host_to_net_u16 (((len != rem) || more) << 13); - // ((len0 != rem0) || more0) << 13 is optimization for - // ((len0 != rem0) || more0) ? IP4_HEADER_FLAG_MORE_FRAGMENTS : 0 - fip4->length = clib_host_to_net_u16 (len + sizeof (*fip4)); - fip4->checksum = ip4_header_checksum (fip4); + to_ip4->length = clib_host_to_net_u16 (len + sizeof (ip4_header_t)); + to_ip4->checksum = ip4_header_checksum (to_ip4); - if (vnet_buffer (p)->ip_frag.flags & IP_FRAG_FLAG_IP4_HEADER) + if (vnet_buffer (org_from_b)->ip_frag.flags & IP_FRAG_FLAG_IP4_HEADER) { - //Encapsulating ipv4 header + /* Encapsulating ipv4 header */ ip4_header_t *encap_header4 = - (ip4_header_t *) vlib_buffer_get_current (b); - encap_header4->length = clib_host_to_net_u16 (b->current_length); + (ip4_header_t *) vlib_buffer_get_current (to_b); + encap_header4->length = clib_host_to_net_u16 (to_b->current_length); encap_header4->checksum = ip4_header_checksum (encap_header4); } - else if (vnet_buffer (p)->ip_frag.flags & IP_FRAG_FLAG_IP6_HEADER) + else if (vnet_buffer (org_from_b)-> + ip_frag.flags & IP_FRAG_FLAG_IP6_HEADER) { - //Encapsulating ipv6 header + /* Encapsulating ipv6 header */ ip6_header_t *encap_header6 = - (ip6_header_t *) vlib_buffer_get_current (b); + (ip6_header_t *) vlib_buffer_get_current (to_b); encap_header6->payload_length = - clib_host_to_net_u16 (b->current_length - + clib_host_to_net_u16 (to_b->current_length - sizeof (*encap_header6)); } - rem -= len; - ptr += len; + fo += len; } + /* Free original packet chain */ + vlib_buffer_free_one (vm, from_bi); } void diff --git a/src/vnet/ipip/ipip.h b/src/vnet/ipip/ipip.h index 6afb188f8ee..28833df9755 100644 --- a/src/vnet/ipip/ipip.h +++ b/src/vnet/ipip/ipip.h @@ -26,11 +26,12 @@ extern vnet_hw_interface_class_t ipip_hw_interface_class; -#define foreach_ipip_error \ - /* Must be first. */ \ - _(DECAP_PKTS, "packets decapsulated") \ - _(BAD_PROTOCOL, "bad protocol") \ - _(NO_TUNNEL, "no tunnel") +#define foreach_ipip_error \ + /* Must be first. */ \ + _(DECAP_PKTS, "packets decapsulated") \ + _(BAD_PROTOCOL, "bad protocol") \ + _(NO_TUNNEL, "no tunnel") \ + _(FRAGMENTED_PACKET, "fragmented outer packet") typedef enum { diff --git a/src/vnet/ipip/node.c b/src/vnet/ipip/node.c index d55b91a0b93..60d6223d5f3 100644 --- a/src/vnet/ipip/node.c +++ b/src/vnet/ipip/node.c @@ -108,6 +108,14 @@ ipip_input (vlib_main_t * vm, vlib_node_runtime_t * node, else { ip40 = vlib_buffer_get_current (b0); + /* Check for outer fragmentation */ + if (ip40->flags_and_fragment_offset & + clib_host_to_net_u16 (IP4_HEADER_FLAG_MORE_FRAGMENTS)) + { + next0 = IPIP_INPUT_NEXT_DROP; + b0->error = node->errors[IPIP_ERROR_FRAGMENTED_PACKET]; + goto drop; + } vlib_buffer_advance (b0, sizeof (*ip40)); ip_set (&src0, &ip40->src_address, true); ip_set (&dst0, &ip40->dst_address, true); |